Description/Job Summary

The Information Security Assurance Analyst will be responsible for managing client audit requests, responding to Information Security questionaries, and supporting Firm Information Security certifications. The Information Security Assurance Analyst will also manage internal IT and Information Security risk assessments and help achieve regulatory compliance.

The ideal candidate is detail-oriented with strong organizational and communication skills and can facilitate timely and accurate responses to client inquiries. The candidate must be able to effectively collaborate across functions to ensure that required Information Security controls are in place, coordinate across teams to gather evidence artifacts, and craft comprehensive audit responses that align with legal and regulatory standards.

Success in this role contributes to positive client relationships, regulatory compliance, and the overall reputation of the Firm.

Responsibilities/Duties

• Manage, track, and ensure timely closure of client information security audits and serve as internal and external primary point of contact during audits
• Respond to client Information Security questionnaires, including security outreach, vulnerability notifications, and responsible disclosures
• Support Firm ISO 27001, ISO 27702, and ISO 22301 certifications
• Participate in internal IT and IS risk assessments
• Collaborate across functions and teams to gather relevant information, documentation, and evidence as needed
• Communicate proactively with clients, addressing inquiries and providing updates on the status of the audit response
• Develop, build and continuously update centralized repository for audit-related documentation, ensuring easy retrieval and access for future reference
• Partner with the Office of the General Counsel and Firm Communications to draft client communications during security incidents
• Provide guidance to IT group members and firm personnel on related policies, firm procedures, regulatory rules and compliance
• Monitor legal and regulatory changes and developments; advise Director and develop appropriate strategies, corrective actions, communications.
• Proactively assesses potential risks and opportunities for improvement
• Develop and report on key performance indicators (KPIs) to measure the efficiency and effectiveness of the overall security assurance program

Required Skills

• Familiar with SIG-Lite and other third-party risk assessment frameworks
• Understanding of data security regulatory frameworks
• Strong knowledge of technology risk management concepts and their application
• Must be able to work collaboratively in a team environment
• Ability to handle sensitive and/or confidential material with discretion
• Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors
• Excellent written and verbal communication skills
• Strategic thinker with strong analytical and problem-solving skills
• Demonstrated project management and organizational skills, with strong attention to detail & ability to respond quickly and positively to shifting demands
• Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation

Required Experience

• 5 years of experience in Information Security, IT Audit, IT Risk Management, or Third-Party Risk Management
• 2 years of experience working in a security assurance role Working knowledge of security control frameworks, such as ISO, SOC, NIST, COBIT, or similar

Required Education

• Bachelor’s degree, IT related discipline or equivalent experience

Preferred Education

• Professional certifications, such as CISSP, CISA, or CISM

Salary Information

The estimated base salary range for this position is $110k - $135k at the time of posting. The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt meaning that it is not overtime pay eligible.

Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.

#LI-hybrid